I just want to let you know that the bug is fixed upstream in this merge request:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/482

I have also attached the patches from the MR that fix the bugs.

Thanks for your work!
Mirko
>From 36831d620660f812e170172845582378f6fd8870 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thal...@redhat.com>
Date: Mon, 27 Apr 2020 20:28:04 +0200
Subject: [PATCH 1/2] vpn: clear host part of IP addresses received from VPN
 plugin

Kernel would reject adding a route with a destination host part not
all zero. NetworkManager generally coerces such routes, but there
are assertions in place to ensure we do that.

We forgot to do that for some IP addresses, which can cause an assertion
to be hit.
---
 src/vpn/nm-vpn-connection.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/vpn/nm-vpn-connection.c b/src/vpn/nm-vpn-connection.c
index 35bf4afb3e..6be8d9bac6 100644
--- a/src/vpn/nm-vpn-connection.c
+++ b/src/vpn/nm-vpn-connection.c
@@ -1790,6 +1790,8 @@ nm_vpn_connection_ip6_config_get (NMVpnConnection *self, GVariant *dict)
 			route.metric = route_metric;
 			route.rt_source = NM_IP_CONFIG_SOURCE_VPN;
 
+			nm_utils_ip6_address_clear_host_address (&route.network, &route.network, route.plen);
+
 			/* Ignore host routes to the VPN gateway since NM adds one itself.
 			 * Since NM knows more about the routing situation than the VPN
 			 * server, we want to use the NM created route instead of whatever
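Review bot: The added `nm_utils_ip6_address_clear_host_address (&route.network, &route.network, route.plen);` has no comment explaining why the destination is rewritten, and it relies on `route.plen` already being a valid IPv6 prefix length. The check that bounds the prefix to 128 is not visible in this hunk; since the value originates from the VPN plugin's dictionary, confirm that the bound is enforced before this line. I would add `/* The kernel rejects routes whose destination has host bits set; normalize what the plugin sent. */` directly above the call. The loop body of nm_vpn_connection_ip6_config_get starts and ends outside the hunk.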
-- 
2.26.2

>From b9e25fa35de5e950a683db93b90099a6270e2492 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thal...@redhat.com>
Date: Mon, 27 Apr 2020 20:29:13 +0200
Subject: [PATCH 2/2] vpn: cleanup loop in nm_vpn_connection_ip6_config_get()

I find it simpler to follow the pattern of checking conditions and
"erroring out", by going to the next entry. The entire loop behaves
like that already.
---
 src/vpn/nm-vpn-connection.c | 38 +++++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/src/vpn/nm-vpn-connection.c b/src/vpn/nm-vpn-connection.c
index 6be8d9bac6..6d995dc489 100644
--- a/src/vpn/nm-vpn-connection.c
+++ b/src/vpn/nm-vpn-connection.c
@@ -1595,13 +1595,18 @@ nm_vpn_connection_ip4_config_get (NMVpnConnection *self, GVariant *dict)
 				route.plen = plen;
 				route.network = nm_utils_ip4_address_clear_host_address (route.network, plen);
 
-				/* Ignore host routes to the VPN gateway since NM adds one itself
-				 * below.  Since NM knows more about the routing situation than
-				 * the VPN server, we want to use the NM created route instead of
-				 * whatever the server provides.
-				 */
-				if (!(priv->ip4_external_gw && route.network == priv->ip4_external_gw && route.plen == 32))
-					nm_ip4_config_add_route (config, &route, NULL);
+				if (   priv->ip4_external_gw
+				    && route.network == priv->ip4_external_gw
+				    && route.plen == 32) {
+					/* Ignore host routes to the VPN gateway since NM adds one itself
+					 * below.  Since NM knows more about the routing situation than
+					 * the VPN server, we want to use the NM created route instead of
+					 * whatever the server provides.
+					 */
+					break;
+				}
+
+				nm_ip4_config_add_route (config, &route, NULL);
 				break;
 			default:
 				break;
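Review bot: The new early exit in the IPv4 path is a `break` inside a `switch` case (the `default:` label follows it), so it leaves only the switch, whereas the IPv6 hunk of this patch writes the same skip as `goto next`. A reader comparing the two can take the `break` for leaving the route loop, which would silently drop the remaining routes supplied by the plugin. I would extend the moved comment with a line such as `break leaves the switch, not the enclosing loop` so the two paths read alike. The switch and the enclosing loop start outside the hunk, so what runs after the switch cannot be checked from here.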
@@ -1792,13 +1797,18 @@ nm_vpn_connection_ip6_config_get (NMVpnConnection *self, GVariant *dict)
 
 			nm_utils_ip6_address_clear_host_address (&route.network, &route.network, route.plen);
 
-			/* Ignore host routes to the VPN gateway since NM adds one itself.
-			 * Since NM knows more about the routing situation than the VPN
-			 * server, we want to use the NM created route instead of whatever
-			 * the server provides.
-			 */
-			if (!(priv->ip6_external_gw && IN6_ARE_ADDR_EQUAL (&route.network, priv->ip6_external_gw) && route.plen == 128))
-				nm_ip6_config_add_route (config, &route, NULL);
+			if (   priv->ip6_external_gw
+			    && IN6_ARE_ADDR_EQUAL (&route.network, priv->ip6_external_gw)
+			    && route.plen == 128) {
+				/* Ignore host routes to the VPN gateway since NM adds one itself.
+				 * Since NM knows more about the routing situation than the VPN
+				 * server, we want to use the NM created route instead of whatever
+				 * the server provides.
+				 */
+				goto next;
+			}
+
+			nm_ip6_config_add_route (config, &route, NULL);
 
 next:
 			g_variant_unref (dest);
-- 
2.26.2
